Nikos Mavrogiannopoulos nmav at
Fri May 28 09:48:14 CEST 2010

Simon Josefsson wrote:
> Simon Josefsson <simon at> writes:
>> Items left are to write and check the safe renegotiation self tests
>> and to update the documentation section for it.  I think there are bugs
>> in both those parts right now, that's why I haven't made any releases.
> Nikos, I have updated the manual now to describe what I believe the
> behaviour should be -- could you check that it matches your
> interpretation?
> Note that I'm not sure how %INITIAL_SAFE_RENEGOTIATION fits into this
> picture.
I've updated it to include it. Check it and let me know if you agree.

> I also suspect we want a priority string (e.g. %PARTIAL_RENEGOTIATION)
> to describe today's default behaviour of permitting initial handshakes
> but not rehandshakes -- so that clients/servers can use it and be
> forward-compatible even when/if we change the default to make
> clients/servers refuse initial handshakes without the extension.

I believe you are talking about the %SAFE_RENEGOTIATION string not
enforcing the extension on every connection (negotiation or
renegotiation). This is ok since the threat is not on the server. The server
is not less secure without the extension. The SAFE_RENEGOTIATION flag
on the server is there to protect the client, and this protection should
apply during renegotiation, according to the threat. The
INITIAL_SAFE_RENEGOTIATION is there to force clients to upgrade, by
denying access to them if they do not support the extension. It does not
increase security on either the client or the server.

